Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth token update feature #4271

Open
vanhauser-thc opened this issue Jul 16, 2020 · 4 comments
Open

Auth token update feature #4271

vanhauser-thc opened this issue Jul 16, 2020 · 4 comments
Labels
feature request

Comments

@vanhauser-thc
Copy link

I fuzz a target with a complex request I read in with -r.
That requests has special headers (no cookies) that also contain auth tokens that time out after x minutes.
A fuzz run takes however 4x+ the time than the lifetime of the auth token.

It would be great if there would be a feature that executes a python script on an event (in my case: HTTP code 401) and then re-read the -r file, hence the python script would get a new token and write it to the file.

My current workaround is to see at which item from the request sqlmap was fuzzing when it is terminating because the auth token has timed out, and skip all items that were completed until then with --skip, but that is a lot of hands-on work.

I think my problem is actually common so either there is already a way to deal with that and I didn't find it, or this is a feature that would be very useful.

Thank you!
@vanhauser-thc
Copy link
Author

To maybe add to this:

the --preprocess feature could be used for this, however what is needed is a way to
a) trigger sqlmap to re-read the -r request file, and
b) resend the last request that resulted in a 401 (the preprocess script would need to check it is not the same request over and over triggering it as it would other ways loop forever)

@vanhauser-thc
Copy link
Author

@stamparm
Hey Miroslav, we met at navaja negro in 2015, we were the only non-spanish speaking presenters there ... :)
I would appreciate if you could give me a quick hint if there is a workaround for my problem or not. thank you!

@stamparm
Copy link
Member

stamparm commented Aug 3, 2020

Great THC asks me whether I recall him :D. Life tends to be funny sometimes.

Thing is that I am aware of this "problem" of yours and that I had couple of similar requests before, though, currently I am not sure what would be the "optimal" way to do it in the code itself.

Until I implement something useful, maybe there is a nice workaround described here (Note: nightmare-tamper.py). Thing is that tamper scripts are great in this kind of cases as headers are also available for update during their run. It would not currently be the "best" solution for your issue as it would retrieve new auth token before each request, but it could provide an easy way to deal with it.

@vanhauser-thc
Copy link
Author

vanhauser-thc commented Aug 3, 2020
edited

ah that was five years ago :) you only remember me because of my good hair :p

I feared that this would be the only possible workaround.
Any easy improvement though is to do this once, save a counter + token in a file, read it in every time the script and once the counter reaches 500 perform it again.
otherwise it will quadruple the test time
Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stamparm @vanhauser-thc